Privacy and data protection

Amazon Ring video doorbell flaw left users open to attack

A vulnerability in Amazon’s Ring video doorbells left the internet-of-things devices open to a variety of attacks Continue Reading

Security in the supply chain – a post-GDPR approach

A year and a half after the introduction of the EU’s General Data Protection Regulation, Fieldfisher's James Walsh reviews the fundamentals of supply chain security Continue Reading

Saudis recruited Twitter employees to spy on critics

Court documents reveal how the Saudi Arabian government targeted Twitter employees as part of a coordinated effort to gather information on known dissidents Continue Reading

CW Benelux: Dutch banks fight money laundering

Dutch banks are sharing expertise and resources to help reduce money laundering through their accounts. Also read in this issue how companies could lose loyal IT staff because salary rises do not match those at rival employers, and why a Dutch province is pioneering a no-code software development platform. Continue Reading

Trend Micro insider breach exposes need for data-centric protection

Simple measures could have saved consumer security product supplier from insider breach Continue Reading

How Facebook’s ‘Switcheroo’ plan concealed scheme to kill popular apps

Leaked documents reveal how Facebook used and abused app developers, cut off data to competitors, gave privileged access to its friends and used privacy as a cover story Continue Reading

Professional cyber criminals command $75k per annum

An ill-advised career in cyber crime is potentially almost as well-paying as a job as a threat researcher in the industry, according to Tenable researchers Continue Reading

Lawmakers study leaked Facebook documents made public today

Computer Weekly publishes cache of leaked documents disclosed to Congress Continue Reading

What changes are needed to create a cyber-savvy culture?

PA Consulting's Cate Pye considers the people and process changes that are necessary to build a security aware business culture Continue Reading

Huawei: 5G growth will be maintained with or without US tech supply

Huawei dismisses US tech sabre-rattling and claims it will continue robust business growth in 5G with or without US suppliers Continue Reading

Security Think Tank: Adapt security posture to your cloud model

Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading

Ransomware authors seeking new ways to avoid being spotted

Sector analysis from Sophos has revealed some insight into how malware authors are adapting to thwart cyber security controls Continue Reading

The benefits of API-first software development

In this week’s Computer Weekly, we find out how organisations are using an API-based approach to software development to boost digital initiatives. We examine the potential pitfalls in using cloud storage. And we talk to the Department for Work and Pensions about its four-year project to move from outsourced IT to the cloud. Read the issue now. Continue Reading

ICO launches data security campaign for UK General Election

Information commissioner Elizabeth Denham launches campaign to remind the public of their rights when personal data is used for political purposes Continue Reading

Gartner: The time is right to make IT a boardroom issue

In many businesses, IT is regarded as an internal service provider and cost centre. Gartner says now is the best time for CIOs to make IT strategic Continue Reading

ICO says UK police must ‘slow down’ use of facial recognition

The Information Commissioner’s Office is calling for a statutory code of practice to govern how police in the UK deploy live facial recognition technology while controversy surrounding its use continues Continue Reading

Security Think Tank: In the cloud, the buck stops with you

Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading

Banks let customers down with mixed approaches to security

Treasury Committee report recommends new measures to tackle financial fraud Continue Reading

Alibaba Cloud earns security credentials in automotive and healthcare sectors

Alibaba Cloud’s compliance with Tisax and GxP follows earlier efforts by major public cloud suppliers to win over enterprises with strict data protection and security rules Continue Reading

What will succeed the National Cyber Security Strategy?

As the National Cyber Security Strategy nears the end of its working life, the government is considering what comes next, and is asking probing questions of its successes and failures Continue Reading

Fancy Bear resumes Olympic hacks ahead of Tokyo games

Fancy Bear is back in action and once again targeting anti-doping bodies and sporting organisations, warns Microsoft Continue Reading

IR35 reforms – the difficult decisions facing IT contractors

In this week’s Computer Weekly, we examine the difficult choices facing UK IT contractors from the controversial IR35 tax reforms. Social engineering is a major source of cyber security attacks – we look at mitigation strategies. And the IT chief at Mercedes F1 explains what it takes to support a world championship team. Read the issue now. Continue Reading

Endpoint security is a procurement issue, says HP, IDC study

Report warns that buyers are falling at the first hurdle on security by not including it in their endpoint RFPs and tenders Continue Reading

£4,000 bug bounty could have saved BA from record ICO fine

British Airways and others could have saved themselves millions of pounds’ worth of fines by having ethical hackers check their systems for simple vulnerabilities Continue Reading

Gartner: Three Barriers to AI Adoption

CIOs are set to include artificial intelligence in their IT strategy. Technical, legislative and cultural challenges could influence their AI ambitions Continue Reading

Take responsibility for cyber security basics, urges NCSC CEO

At the launch of its third annual review, NCSC head Ciaran Martin appealed for individuals and businesses to address the fundamentals of cyber security hygiene to help lighten the load Continue Reading

Banks move to contain impact of Samsung biometric flaw

NatWest and Nationwide have moved to lock down their mobile banking apps after Samsung warned of a biometric security flaw on its Galaxy and Note S10 devices Continue Reading

NordVPN blames datacentre provider for server breach

VPN provider insists no user data was compromised in a March 2018 server breach, and says its datacentre provider failed to inform it of the issue Continue Reading

Malware volumes decline, but risks are higher

More insidious and targeted strains of malware are going after high-quality targets, rather than a large volume of targets Continue Reading

Over-30s tend to do better at cyber security than younger colleagues

Attitudes to workplace cyber security differ by age group, but not in the way one might imagine, according to a new study by NTT Security Continue Reading

Equifax lawsuit offers more evidence against passwords

Equifax’s internal security policies were a mess and directly led to one of the largest recorded data breaches in history, according to a lawsuit, demonstrating fundamental insecurities inherent in the use of passwords Continue Reading

Alleged state hackers adapting to cover their tracks, says NCSC

A group called Turla with suspected links to the Russian government stole Iranian tools and infrastructure to obscure the origins of attacks on multiple other countries, according to new evidence Continue Reading

Huge rise in rogue banking apps driving fraud attacks

Fraud perpetrated through fake mobile apps purporting to be from legitimate banks has seen a statistically significant spike, says RSA Continue Reading

Amazon consumer devices vulnerable to two-year-old exploit

Millions of older Amazon Echo and Kindle devices are still susceptible to a Wi-Fi vulnerability that was first disclosed in 2017 Continue Reading

BEIS launches multimillion-pound security investment package

Government is making available more than £50m to support a range of new cyber security initiatives and collaborations, including the latest phase of its Digital Security by Design programme Continue Reading

NHSX could transform NHS security capabilities

The health sector is increasingly confident that NHSX can deliver a streamlined, effective cyber security policy for the health service Continue Reading

Security threat landscape becomes more organised and business-like

Approaches to securing the enterprise need to change in the face of a rapidly maturing threat landscape Continue Reading

Sweden’s first GDPR fine sets regulatory tone

Secondary school fined for breaching General Data Protection Regulation, signalling the attitude of Sweden’s Data Protection Authority Continue Reading

Security Think Tank: Embed security professionals in your risk strategy

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading

Attackers hunt iPhone jailbreakers in click fraud campaign

Research by Cisco’s Talos threat intel unit has identified a new click fraud campaign targeting people looking to jailbreak their iPhone devices Continue Reading

Security Think Tank: Risk management must go beyond spreadsheets

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making? Continue Reading

Securing the internet of things

In this week’s Computer Weekly, as security concerns prevent many organisations from adopting the internet of things, we examine mitigation strategies. Many firms are still struggling with GDPR policies – we assess if full compliance is ever possible. And we look at the technologies for delivering on-premise object storage. Read the issue now. Continue Reading

Private equity swoops on Sophos

British cyber security star picked up by technology sector investors for $3.9bn Continue Reading

Researchers reveal the cyber campaign that built China's new airliner

CrowdStrike has published details of a coordinated campaign of cyber espionage and hacking, forced technology transfer and physical theft as China seeks to gain an advantage in the commercial aviation industry Continue Reading

PCI DSS: Credit card data and what to expect from version 4.0

We preview October’s PCI Europe Community Meeting where attendees will discuss credit card payment data, with topics covered likely to include the cloud and point-to-point encryption Continue Reading

The Security Interviews: Applying AI to Lego, and security

Ann Johnson, Microsoft corporate vice-president of cyber security, is on a mission to prove that artificial intelligence holds great promise for the security sector, and she has the analogies to back it up Continue Reading

Security Think Tank: Consider risk holistically, not just from an IT angle

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making? Continue Reading

Zuckerberg’s mentor condemns Facebook’s business practices

Long-time Silicon Valley investor speaks out against surveillance capitalism and the lack of rules and regulations governing big tech’s behaviour Continue Reading

McAfee’s push for secure cloud adoption

Organisations must do more to secure their cloud environments as malicious actors increasingly focus their attention on exploiting cloud vulnerabilities, says McAfee Continue Reading

Data management strategies are evolving – so must enterprises

A growing number of data-driven initiatives, alongside heightened demand for security in governance, data management and compliance, has led to the rise of a more holistic approach – integrated risk management Continue Reading

US likely to concede on Huawei export ban

The US government may make some concessions over the future of Huawei before the end of the year Continue Reading

Security Think Tank: The operational approach to integrated risk management

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading

Security Think Tank: Get basic security policy right, and the rest will follow

Paying attention to basic aspects of cyber security such as policy and permission will give you a sold base to build from Continue Reading

Security Think Tank: Risk is unavoidable in digital transformation

How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading

Government departments sign up to web data-sharing plan

All but four Whitehall departments have so far agreed to share web analytics data to allow the government to monitor user behaviour across the Gov.uk domain Continue Reading

UK and US call on Facebook to walk back encryption plans

The US, Australian and UK governments have asked Facebook to ditch plans to deploy end-to-end encryption across Facebook Messenger, Instagram and WhatsApp Continue Reading

IT contractor charged over cyber attack on property valuation firm

Australian police charge 49-year-old man with stealing and posting more than 170,000 data records belonging to ASX-listed Landmark White on the dark web Continue Reading

Why data-driven applications need a governance framework

Data is the new oil – but without tight control, how can business determine that the data is valid? Data catalogues are back in vogue Continue Reading

LogRhythm touts unlimited data plan for SIEM systems

SIEM supplier introduces three-year, term-based pricing plan that lets enterprises ingest as much data as they want without breaking the bank Continue Reading

Local authorities hit by 800 cyber attacks every hour

Local authorities and councils in the UK have reported being hit by more than 263 million cyber attacks in the first six months of this year Continue Reading

New threat group behind Airbus cyber attacks, claim researchers

Context Information Security’s threat intel and response teams says it has evidence that the recent supply chain attacks on Airbus are the work of a newly identified group called Avivore Continue Reading

Cyber war as big a threat as nuclear war, says ex-RSA head Coviello

Former RSA chairman Art Coviello has been speaking about the devastating potential of cyber weapons, and warned that humanity must learn from history in order to control them Continue Reading

Five million DoorDash customers’ details lost in data breach

Takeaway delivery service was breached in May 2019, resulting in the data of millions of users and delivery drivers being stolen Continue Reading

GDPR compliance: Whose job is it and is it really possible?

Nobody seems to have a good handle on business GDPR compliance, how many businesses are compliant, or indeed what compliance really is, but according to security experts, it very much depends on who you talk to Continue Reading

Attackers breached supplier systems to steal Airbus secrets

Airbus has been the subject of at least four major cyber attacks in the past 12 months, with contractors and suppliers targeted through their VPNs Continue Reading

Overinvestment breeds overconfidence among security pros

CISOs have made an abundance of security investments in multiple suppliers, but this might not be the right approach Continue Reading

Teen TalkTalk hacker accused of cryptocurrency fraud in US

Elliott Gunton, one of the teenage hackers who broke into TalkTalk’s systems in 2015, faces extradition to the US to face fraud charges Continue Reading

Instagram and WhatsApp – the new tools of social media propaganda

Facebook and Twitter have been cast as the villains of the piece, but social media disinformation and propaganda are evolving in new and alarming directions, say Oxford University researchers Continue Reading

Latest Lorca cyber security challenge has IoT focus

Government-backed cyber security innovation centre Lorca has issued new challenges around connectivity for its next intake of scaleups Continue Reading

Singapore payment card data compromised by JavaScript sniffers

Raw data of thousands of payment cards issued by Singapore banks stolen by the online equivalent of a traditional card sniffer Continue Reading

GandCrab ransomware writers still active despite ‘retirement’

Apparent links between an emerging ransomware family known as REvil and GandCrab suggests the GandCrab authors are keeping busy despite having “retired” in June Continue Reading

Enterprises exposed to data loss by cloud configuration errors

Only 1% of misconfigured cloud environments are spotted and attackers are capitalising on this, claims McAfee Continue Reading

Google pushes back on scale of YouTube phishing threat

Millions of YouTubers may be at risk after some high-profile influencers reported their accounts were compromised in an apparent phishing attack, but the platform’s owner, Google, is not so sure Continue Reading

Government insists 'nothing sinister' about web user data gathering

Government Digital Service responds to allegations that personal data gathered through Gov.uk portal could be used to target political messaging to citizens Continue Reading

Universities tempting targets for cyber criminals, warns NCSC

As hundreds of thousands of students prepare for the new academic year, universities have been warned that they are at high risk of cyber attack Continue Reading

WannaCry variants accidentally protecting against WannaCry

New variants of the infamous WannaCry malware continue to emerge, and many of them have accidentally turned themselves into a somewhat effective, although ill-advised, vaccine against infection Continue Reading

Emotet phishing botnet returns from summer vacation

The Emotet phishing trojan-turned-botnet is back in action after a three-and-a-half month break, say threat researchers Continue Reading

Ecuador citizens’ data breach holds lessons for enterprises

What caused the mass breach of Ecuadorian citizens’ data, and what can businesses learn from it? Continue Reading

US lawmakers demand internal Facebook, Google, Apple and Amazon documents in antitrust probe

US lawmakers have given big tech companies a deadline to disclose a wide range of documents as the House Judiciary Committee’s bipartisan investigation into competition gathers pace Continue Reading

Ensign InfoSecurity opens global headquarters in Singapore

The Singapore-based cyber security firm’s new headquarters will also be home to a new security operations centre that will be supported by Singapore-centric threat intelligence Continue Reading

Police use of algorithms needs stronger safeguards to prevent bias, report says

A study by the Royal United Services Institute calls for new code of practice to guide use of algorithmic tools in policing Continue Reading

European court to decide on legality of bulk phone and internet surveillance

The European Court of Justice will decide whether intelligence agencies across Europe can continue to lawfully collect the telephone and internet communications data of citizens, following a two-day hearing this week Continue Reading

When AIs go to war: Autonomous cyber weapons ‘inevitable’

CISOs must start thinking about how to engage with intelligent, adaptive, non-human attackers, says Trend Micro’s Rik Ferguson Continue Reading

Government seeks views on post-Brexit security alignment

The government has called for views on its proposals to align the UK’s post-Brexit cyber security policy to that of the European Union Continue Reading

ICO to probe government over Gov.uk data collection plan

The ICO is to look into the government’s leaked data collection plans over fears they may breach the law Continue Reading

UN agency Unicef praised for response to accidental data leak

The UN’s children’s agency has disclosed an inadvertent leak of personal data belonging to users of its online learning platform Agora Continue Reading

IBM introduces z15 mainframe with security data passport

In the new z15 enterprise server, IBM has focused on making data secure and auditable wherever it resides. Continue Reading

Mirai descendants dominate IoT threat environment

Attacks leveraging compromised IoT devices are growing in size, scale and frequency, report security experts at F-Secure and Trend Micro, with Mirai-related botnets a major source of trouble Continue Reading

Could Boris Johnson and Dominic Cummings' ‘secret’ data sharing plan work?

Prime minister Boris Johnson and his controversial special advisor, Dominic Cummings, are “secretly” working on a plan to gather citizen data from across Whitehall to be used for targeting ... Continue Reading

Regulators globally are shaping up to rein in Facebook

We need to move fast and fix Facebook, before it breaks us Continue Reading

Equifax and Heartbleed are most-Googled cyber security terms

Analysis of 15 years’ worth of Google search data has revealed some insight into what cyber security trends are capturing the imagination Continue Reading

GDPR non-compliance worse than feared

Over half of UK businesses do not yet appear to be fully GDPR-compliant, and many have de-prioritised their compliance efforts Continue Reading

UK calls for cyber capacity-building at UN security group

The UK’s representative to a United Nations cyber security working group has called for increased investment in capacity around cyber security Continue Reading

BT gears up to take on rogue drones

BT’s Enterprise unit is offering customers an anti-drone security solution to protect their physical sites from intrusion Continue Reading

Security Think Tank: The case for blockchain-based identity

What are the best and most effective ways information security professionals can use blockchain technology? Continue Reading

How Zuellig Pharma is fighting fake drugs with blockchain

The Asia-Pacific pharmaceutical giant is using a blockchain platform from SAP to help consumers identify the provenance of medicine Continue Reading

Terror watchlist faces reform after court rules it violates rights of people entering US

A secret US terrorist database containing information on more than 1.2 million people – who face repeated interrogations, detentions and electronic searches – violates constitutional rights, a US judge said last week Continue Reading

Social engineering a factor in virtually all cyber attacks, report claims

Almost every single cyber attack will, at some stage, require a human to be tricked into doing something, according to research by Proofpoint Continue Reading

Security Think Tank: Too soon to dismiss blockchain in cyber security

What are the best and most effective ways information security professionals can use blockchain technology? Continue Reading

Data-driven marketing, the real risk boards are missing

Boards need to act to break the cycle of privacy compliance failures, and shift focus to aligning business purpose with privacy and dealing with the real risk of data driven marketing, warns PwC’s GDPR and data protection lead Continue Reading